Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Maven release with jenkins slave and Credentials : how to pass SCM credentials to maven?

I'm using a Jenkins master/slave setup. I'd like Jenkins to have one "source" of information for credentials. Not keys/passwords scattered all over the place.

So, I don't want to define my SCM in Jenkins (with credentials from the Jenkins Credential provider) and then again in the pom.xml/settings.xml/id_rsa.pem depending on job. Everybody likes to make their own way of doing things and we end up with copies of the keyfile or passwords all over the place. Sooner or later someone pushes a pom to a public repo and our server is compromised...

I cannot see a maintainable way of getting the credentials out of Jenkins into somewhere maven release plugin can use them. What am I missing? (maven release fails when trying to push the tags to git

[ERROR] The git-push command failed.
[ERROR] Command output:
[ERROR] Permission denied (publickey).

)

I could obviously define a "file" that gets installed on the slave that contains the pem (I can think of several ways to do that) but then I have a maintenance headache when we rotate keys to remember it's in multiple locations. Otherwise, snapshots work for a month and then the release fails and nobody can figure why mvn suddenly can't push to git.

(NB it's key login only, no passwords)

like image 903
Max Allan Avatar asked Jan 16 '17 14:01

Max Allan


People also ask

How to use maven release plugin in Jenkins?

Project ConfigurationOn the job configuration page, enable the "Maven release build" under the Build Environment heading and add whatever release goals and options your require.

How does maven release plugin work?

The plugin will extract file revisions associated with the current release. Maven will compile, test and package the versioned project source code into an artifact. The final deliverable will then be released into an appropriate maven repository.

What is Mvn release prepare?

Preparing a release goes through the following release phases by default: Check that there are no uncommitted changes in the sources. Check that there are no SNAPSHOT dependencies. Change the version in the POMs from x-SNAPSHOT to a new version (you will be prompted for the versions to use)


1 Answers

Spent all morning trying to figure this out, then spot the "SSH Agent" tick box on the "Build environment" section. Tick it, and give the right credential and it works. I considered deleting the question, but after reading lots of other high maintenance suggestions (involving copies of the .pem file) I thought I'd leave it.

like image 88
Max Allan Avatar answered Oct 04 '22 03:10

Max Allan